Additional Remarks on the Public Consultation of the European Commis-

sion On improving cross-border access to electronic evidence in criminal

matters

Berlin/Brussels, 23. October 2017

The European Commission is currently exploring new ways to increase efficiency in

cross border investigations in crime, which also addresses the topic of electroniccommunications, and information (in short e-evidence). While this approach shallrelieve burden for Law-Enforcement Agencies (LEAs) and judicial authorities it isquestionable whether there is a possible trade-off that may be the compromising ofthe rule of law. The Commission has launched a public consultation in order to clar-ify the image of the next steps to be taken on the topic. eco - in addition to the an-swers already submitted has the following remarks on the topics of the consulta-tion.

On Part II: General Questions and Current Situation in your Country / entityIn Germany, law allows for a broad spectrum of measures for lawful interception ofelectronic communications and obtaining information on users of phones or de-vices. These measures are supplemented with safeguards in order to assure that in-terference with fundamental rights is limited. This legislation has been developed inorder to address the possibility that criminals may employ digital services or elec-tronic communications for their activities and refined several times. Hypothesisesthat employment of digital services obstructs law-enforcement can - at least from aGerman point of view - negated. The fact that LEAs and judicial authorities have toaddress local authorities of the respective Member States underlines the rule of lawand ensures that legal safeguards deployed are in place and work. This creates cer-tainty for LEAs, judicial authorities, service providers and citizens alike.Changing this established system brings along several questions which eco has al-ready addressed in its remarks on the Inception Impact Assessment of the e-Evi-dence Initiative. The guaranteed rights of users of electronic communication and in-formation society services have to be paid respect to. Since a direct access on elec-tronic evidence removes safeguards, which are in place, there is serious concernthat their enforcement and guarantee is being delegated to companies, which donot possess the competence and authority to conduct responsibilities of public ad-ministrations. Secondly, these measures must be strictly in line with the e-Com-merce Directive and its provisions to avoid undermining of the principle of homestate regulation and provoke third countries to impose similar rules making compli-ance with all different rules in the digital world de facto impossible and posing an

Page 1 of 3immense threat to the digital economy. In addition to that, it would offer potentialfor confusion with measures already established.Legal certainty for companies and citizens as well as transparency of intrusivemeasures and their deployment are elemental for the functioning of a digital singlemarket. Offering new mechanisms to circumvent judicial oversight of memberstates is problematic. Fostering cooperation and setting standards for measures de-ployed would be a helpful approach, which would also allow national or local super-visory institutions to harmonize and streamline the processing of access requests.The central problems for accessing e-Evidence are derived from authorities not be-ing able to comply with different national frameworks or not identifying the loca-tion of data itself or the appropriate legal framework. Problems encountered whenconducting cross-border requests could be remedied in harmonizing request formsand requested contents allowing national competent authorities to standardizeprocedures and accelerate the access to relevant information. National frameworksshould be revised respectively in order to achieve a common understanding of in-formation to be obtained and should be created where they do not exist yet. Thesehave however to take the protection of the very fundamental rights of Europeancitizens into account as well as the confidentiality of electronic communications asit is already laid down in several national legal frameworks.

On Part III: Access to e-evidence by a direct production request/order to the

digital service providerWhen taking measures towards lightening access for LEAs and judicial authoritieswithin a European framework, there should be a clear and well-defined red line,which is the home state regulation. The act, which requires investigation, should bepunishable in both countries - if not so, this would lead to multiple complianceschemes that cannot be satisfied.These measures create heavy additional administrative burden for service providerswho will possibly have to translate, prove judicially these requests and deploymechanisms to actually obtain the requested information and transfer it to the re-spective requesting LEAs - possibly in 28 different ways.

On Part IV: Direct access to e-evidence through an information system without

any intermediary (e.g. a service provider) involvedAccess to information stored in digital services should be paid respect to the loca-tion of the data involved and should not go beyond the data stored on the respec-tive device. There should be no option to circumvent implemented securitymeasures by a service provider (e.g. end-to-end encryption). The protection of fun-damental rights and the confidentiality of electronic communications should bepaid due respect. The exclusion of a service provider from such measures is hard to

Page 2 of 3imagine. Notification of at least both service provider and the Members States af-fected by the measure is mandatory if any legislative measure of this kind is to befurther elaborated. eco urgently recommends double checking on whether such ameasure can be deployed granting legal certainty for all parties included. Securityfor and integrity of digital services must be protected at all times in order to keepup the confidence of citizens in these services and their political institutions as theSnowden Incident is dramatically demonstrates.

On Part V: International scope

The main-challenge for LEAs and judicial authorities in requests to access or obtainevidence seems the inability to procure proper requests and their timely pro-cessing. Legislation, which would require service providers within the EU and be-yond to provide Single Points of Contact, would not provide additional benefits tothe schemes established under the MLAT frameworks - especially if LEAs and judi-cial authorities from all EU Member-States could address their requests towardsthe respective service providers. The obligation to examine and valuate the re-quests about their data will take due time and additional efforts, which, in doubt,will not accelerate the processing of the information mentioned but in fact bear therisk that the national service provider will seek clarification before a national court.The problem that exists in the cooperation between the different national LEAs andjudicial authorities within their respective legal frameworks will only be relocated toprivate companies who then are forced to compliance and have to bear the bur-dens of inappropriate communication between the former. The existing challengesthrough MLATs will not be met through direct inquiries but through harmonizationof legislation and procedures.eco recommends the review of the existing mechanisms and for creating cross-na-tional structures and mechanisms for investigations as already rudimentarilyfounded in the European investigation order (Directive 2014/41/EU) which remedythe actual problem of cross-border criminality. Imposing additional burden on com-munication services and their providers is not helpful. ___________________________

About eco

eco Association of the Internet Industry fosters all companies that create eco-nomic value with or in the Internet and represents their interests. The associationcurrently represents more than 1,000 member companies.These include, among others, ISPs (Internet Service Providers), carriers, hardwareand software suppliers, content and service providers, and communication compa-nies. eco is the largest national Internet Service Provider association in Europe.